Investigators Used Second Site as Bait After Taking Down Major Dark Web Marketplace

This screen grab provided by the U.S. Department of Justice shows a hidden website that has been seized as part of a law enforcement operation by the Federal Bureau of Investigation, the Drug Enforcement Administration and European law enforcement agencies acting through Europol. On Thursday, July 20, 2017, authorities announced that two of the world's most notorious "darknet" marketplaces, AlphaBay and Hansa, have been knocked out in a one-two punch that officials say yielded a trove of new intelligence about drugs and weapons merchants that operate from hidden corners of the internet. (Image: U.S. Department of Justice via AP)

Authorities from the U.S. and Europe announced Thursday that they had taken down illegal dark web marketplaces AlphaBay and Hansa, but not before using the latter site as bait to collect information on users attempting to buy and sell drugs, fake IDs, stolen credit cards, weapons, toxic chemicals and more. Authorities say they collected addresses of 10,000 Hansa users during the operation, which will aid in the ongoing international investigation into the e-commerce underground.

AlphaBay was the largest “dark market” operated on the highly anonymous dark web, according to the U.S. Department of Justice, serving over 200,000 users, hosting over 40,000 vendors and listing over 250,000 items—ranging from illegal drugs, to stolen information, to hacking tools—at the time it was taken down by authorities on July 4.

The dark web is an unseen part of the internet that is not indexed by search engines such as Google, and can only be accessed using special browsers such as Tor, which redirects users’ communications through several routers, masking their IP address and therefore keeping them largely anonymous and untraceable. For additional anonymity, users of the AlphaBay shopping site used digital cryptocurrencies such as bitcoin to place their purchases.

Although authorities have not released exactly how the AlphaBay and Hansa dark web sites were infiltrated, an indictment and complaint for forfeiture filed against AlphaBay’s creator, 24-year-old Alexandre Cazes, sheds some light on the investigation and on Cazes’ alleged role in the multi-million-dollar underground operation. (Cazes was arrested on July 5 while living in Thailand and died in Thai custody on July 12 in an apparent suicide, according to the DOJ.)

Cazes had amassed a net worth of approximately $23 million collecting commission from sales made on the AlphaBay dark web site, which he launched in 2014, according to the complaint for forfeiture. The complaint lists dozens of items acquired by Cazes in relation to funds gained through AlphaBay, including a Lamborghini, Porsche and Mini Cooper, a BMW motorcycle, several properties including four in Thailand, and funds from multiple bank accounts, as well as addresses storing bitcoin and other cryptocurrencies.

Cazes used a company called EBX Technologies as a front for his illegally acquired funds, according to the complaint. The complaint further reveals that Cazes, who went by the usernames “Alpha02” and “Admin” on AlphaBay, was identified by authorities because his personal email address was revealed in the header of a welcome email sent to new users of the site in 2014. Law enforcement traced this email address back to Cazes, in part through a 2008 forum post that was signed with that email address and Cazes’ full name and was also posted under the username “Alpha02.”

The 16-count indictment, which included charges ranging from distribution of narcotics to money laundering, shows several purchases made by undercover agents through the AlphaBay website for illegal items including heroin, fentanyl, methamphetamines, fake government IDs and an ATM skimming device. The indictment also lists “co-conspirators” who helped run the site, including administrators, moderators, a public relations manager and vendors, although the identities of these co-conspirators are not stated.

Hansa, which was the third-largest criminal dark web marketplace, according to a Europol press release, was based out of servers in the Netherlands, Germany and Lithuania, and was taken over by Dutch authorities on June 20 following the arrests of two of its administrators. The site remained up and in law enforcement control for one month as authorities gathered information on users, including “high value targets” placing large orders on the site.

This investigative effort was bolstered by the closing of AlphaBay by U.S. authorities, as Dutch authorities were able to “sweep up all those new users displaced from AlphaBay who were looking for a new trading platform,” according to the press release. Europol reports that the number of new Hansa members increased eight-fold after the AlphaBay shutdown, enabling police to collect more information from more suspected criminals. After one month, the Hansa website was officially removed on July 20.

The strategy of keeping an illegal dark web site online in order to track users was previously used by the Federal Bureau of Investigation prior to the shutdown of child pornography website “the Playpen.” The FBI’s decision was met with controversy, as child pornography continued to be shared on the site during the time the FBI was running it. The FBI operation led to the arrests of 137 of the site’s approximately 150,000 users at the time of its removal.

Prior to its removal, AlphaBay was linked to a number of drug overdose deaths across the United States. In one case, two 13-year-old boys in Utah died after overdosing on a synthetic opioid one of the boys had purchased on AlphaBay, according to the Associated Press.

In announcing the takedown of AlphaBay and Hansa, Attorney General Jeff Sessions vowed to continue fighting drug trafficking and other crimes on the dark web, saying “We will use every tool we have to stop criminals from exploiting vulnerable people and sending so many Americans to an early grave. I believe that because of this operation, the American people are safer—safer from the threat of identity fraud and malware, and safer from deadly drugs.”